I have a doubt. I want to memorize strong passwords like these: Gx7#vTq!92Lm@ZpW, but my complaint is that I don’t know how I’m going to update the old password. How am I going to create a new mnemonic view on top of the old one? And how am I going to remember all the passwords I will memorize? Let’s say I’m going to memorize a thousand passwords, strong or not. How am I going to be able to remember any one whenever I want and quickly? Can you help me?
I used this one once:
ARoninIsAShogunlessSamurai
For a password to be a safe password it should be hard to guess.
For a password to be convenient it should be simple to remember.
You totally could memorize gibberish passwords, but you could do better in terms of safety and ease of use, and use less effort, by just using long combinations of easy-to-picture words (with the odd number or symbol thrown in for password complexity requirements).
There is much debate about whether a string of random characters is any stronger than a passphrase of similar length. These are just as hard to crack and MUCH easier to memorize and enter when you need to log in.
Generally speaking, a decent approach is to link the thing that the password is for in some way to the imagery that encodes the password.
Let’s say your password for this website is “Eagle-Spoon-Mushroom3!”
First figure out a way to get the name of the website to trigger a scene for you. “Art Of Memory”: maybe it’s a big fancy granite sculpture of a brain. Then imagine the “Eagle” landing on the sculpture, taking out a “Spoon” from its feathers, and scooping a “Mushroom” out of the top of the brain. If you have a number system in place, add the mnemonic for the number 3 as an element at the end of the scene. If you’ve created associations for keyboard symbols, add that too for the !.
Later, when you think of the site, it should trigger the starter representative image which should clue you into the passphrase scene.
If you decide to use randomized gibberish passwords, you’ll need to create a system for letters and to determine if a letter is capitalized or not, along with a number and symbol system. This will be incredibly clunky, in my opinion, and not recommended.
OR
For a “thousand” passwords, all random strings of characters, just use a password manager software. Not everything HAS to be solved by memory techniques.
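As an added example (not part of the post above), this sketch builds a passphrase in the “Eagle-Spoon-Mushroom3!” shape with a cryptographic random generator and counts its entropy next to a 16-character random string like the one in the question. Assumptions: the word list is a small constructed sample, 7776 is the size of a diceware-style list, and every word, digit and symbol is drawn uniformly at random.

```python
import math
import secrets

# Constructed sample list (assumption); a real diceware-style list has 7776 words.
SAMPLE_WORDS = ["eagle", "spoon", "mushroom", "granite", "sculpture", "feather",
                "ronin", "shogun", "samurai", "carrot", "grater", "jingle"]
DIGITS = "0123456789"
SYMBOLS = "!#^>"          # symbols mentioned in this thread
PRINTABLE = 94            # printable ASCII characters, space excluded


def bits_random_string(length, alphabet_size=PRINTABLE):
    """Entropy of a string whose characters are each drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def bits_passphrase(n_words, wordlist_size):
    """Entropy of n random words plus one random digit and one random symbol."""
    suffix = math.log2(len(DIGITS) * len(SYMBOLS))
    return n_words * math.log2(wordlist_size) + suffix


def words_needed(target_bits, wordlist_size):
    """Smallest number of random words (words alone) reaching target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(words, n_words):
    """Draw every element with the OS CSPRNG; the figures above assume exactly this."""
    picked = [secrets.choice(words).capitalize() for _ in range(n_words)]
    return "-".join(picked) + secrets.choice(DIGITS) + secrets.choice(SYMBOLS)


if __name__ == "__main__":
    target = bits_random_string(16)
    print(f"16 random printable characters: {target:.1f} bits")
    print(f"3 words from a 7776-word list + digit + symbol: "
          f"{bits_passphrase(3, 7776):.1f} bits")
    print(f"words needed to match the 16-character string: "
          f"{words_needed(target, 7776)}")
    print("sample (12-word demo list, far too small for real use):",
          generate_passphrase(SAMPLE_WORDS, 3))
```

The bit counts apply only to phrases produced by the generator; words a person chooses themselves are not covered by this arithmetic.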
Memorization techniques for strong passwords are covered in Remember It! by Nelson Dellis and How to Train Your Memory by Phil Chambers (among other sources). Chambers lists various symbols and what you might visualize to represent them. For example:
“#” = a hash brown
“^” = a carrot
“>” = a cheese grater
Nelson’s chapter on this topic is really good as well. I recommend checking out both resources.
Also, several studies have explored the effectiveness of mnemonic techniques in enhancing the memorability and security of strong passwords:
- Spaced Repetition and Mnemonics Enable Recall of Multiple Strong Passwords (2014): This study investigated the use of spaced repetition combined with mnemonic techniques to help users remember multiple strong passwords. Participants memorized Person-Action-Object (PAO) stories, associating a famous person with a random action-object pair in a specific scene (e.g., “Bill Gates swallowing a bike on a beach”). The findings indicated that 77% of participants successfully recalled all four stories over a period of 158 days, suggesting that such mnemonic strategies can significantly enhance password recall.
https://arxiv.org/abs/1410.1490
- A Large-scale Analysis of the Mnemonic Password Advice (2017): Researchers analyzed the memorability and security of mnemonic-based passwords compared to user-chosen passwords. The study concluded that mnemonic passwords are about as memorable as freely chosen passwords that include at least one non-letter character, indicating that mnemonic strategies do not compromise memorability while potentially enhancing security.
https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss2017_03A-4_Kiesel_paper.pdf
- An Empirical Study of Mnemonic Password Creation Tips (2019): This research evaluated the security and usability of four common mnemonic password creation strategies. The study involved 209 participants and provided insights into the effectiveness of different mnemonic techniques in creating memorable and secure passwords.
https://www.sciencedirect.com/science/article/abs/pii/S0167404819300884
- DeepMnemonic: Password Mnemonic Generation via Deep Attentive Encoder-Decoder Model (2020): This study introduced “DeepMnemonic,” a framework designed to automatically generate mnemonic sentences to aid in memorizing strong passwords. The model aimed to bridge the gap between password strength and usability by creating semantically meaningful mnemonic aids, thereby enhancing both security and memorability.
https://arxiv.org/abs/2006.13462
Hope this helps,
Richard
I’m thinking it may be best to use those base words encoded in a simple, reproducible algorithm. For example, one could modify the password “opensesame” by substituting the individual letters as they are used in the major system, making it “o9e20e0a3e”, or encode “password” as “9a006o41”. Maybe also include a second set of rules linking vowels to special characters, so the above could become “!9?20?0#3?” and “9#006!41”, meaning they’ll be very secure when linking together multiple words while also being easy to memorize unencoded.
One other thing that I’m finding very helpful is to be able to sing the password to some sort of tune - kinda make it into an advertising jingle of sorts. If the only thing you have to remember for each password is a few words, it’s very easy to come up with a tune to sing it to. There’s a reason why advertising jingles stick so well in one’s brain.